package com.netx.ebs;


class AuthorizationChecker implements SecurityChecker {

	private final String _permissionName;

	public AuthorizationChecker(String permissionName) {
		_permissionName = permissionName;
	}
	
	public void check(EbsRequest request, EbsResponse response) throws SecurityCheckException {
		Session session = request.getUserSession();
		Permission[] permissions = session.getUser().getPermissions();
		for(Permission p : permissions) {
			if(p.getName().equals(_permissionName)) {
				return;
			}
		}
		request.setAttribute(Constants.REQUEST_ERROR_URL, request.getCompleteRequestURL(true));
		throw new NotAuthorizedException(_permissionName);
	}

}
